-
Notifications
You must be signed in to change notification settings - Fork 551
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[AUTO-CHERRYPICK] Fix CVE-2024-35235 for cups :2.0 - branch main (#11186
) Co-authored-by: KavyaSree2610 <[email protected]>
- Loading branch information
1 parent
96aab8d
commit fad4d61
Showing
2 changed files
with
101 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,96 @@ | ||
| From 192f5bd1b197e577b2332d4fdc8038c6b2993d6e Mon Sep 17 00:00:00 2001 | ||
| From: kavyasree <[email protected]> | ||
| Date: Thu, 21 Nov 2024 13:46:00 +0530 | ||
| Subject: [PATCH] Fix CVE-2024-35235 | ||
|
|
||
| --- | ||
| cups/http-addr.c | 37 +++++++++++++++++++------------------ | ||
| scheduler/conf.c | 20 ++++++++++++++++++++ | ||
| 2 files changed, 39 insertions(+), 18 deletions(-) | ||
|
|
||
| diff --git a/cups/http-addr.c b/cups/http-addr.c | ||
| index 8e81c6f..d65d4cc 100644 | ||
| --- a/cups/http-addr.c | ||
| +++ b/cups/http-addr.c | ||
| @@ -199,28 +199,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */ | ||
| /* | ||
| * Remove any existing domain socket file... | ||
| */ | ||
| + if ((status = unlink(addr->un.sun_path)) < 0) | ||
| + { | ||
| + DEBUG_printf("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)); | ||
|
|
||
| - unlink(addr->un.sun_path); | ||
| - | ||
| - /* | ||
| - * Save the current umask and set it to 0 so that all users can access | ||
| - * the domain socket... | ||
| - */ | ||
| - | ||
| - mask = umask(0); | ||
| - | ||
| - /* | ||
| - * Bind the domain socket... | ||
| - */ | ||
|
|
||
| - status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr)); | ||
| + if (errno == ENOENT) | ||
| + status = 0; | ||
| + } | ||
|
|
||
| - /* | ||
| - * Restore the umask and fix permissions... | ||
| - */ | ||
| + if (!status) | ||
| + { | ||
| + // Save the current umask and set it to 0 so that all users can access | ||
| + // the domain socket... | ||
| + mask = umask(0); | ||
|
|
||
| - umask(mask); | ||
| - chmod(addr->un.sun_path, 0140777); | ||
| + // Bind the domain socket... | ||
| + if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0) | ||
| + { | ||
| + DEBUG_printf("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)); | ||
| + } | ||
| + // Restore the umask... | ||
| + umask(mask); | ||
| + } | ||
| } | ||
| else | ||
| #endif /* AF_LOCAL */ | ||
| diff --git a/scheduler/conf.c b/scheduler/conf.c | ||
| index 74531a8..180ef9b 100644 | ||
| --- a/scheduler/conf.c | ||
| +++ b/scheduler/conf.c | ||
| @@ -3071,6 +3071,26 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ | ||
| cupsd_listener_t *lis; /* New listeners array */ | ||
|
|
||
|
|
||
| + /* | ||
| + * If we are launched on-demand, do not use domain sockets from the config | ||
| + * file. Also check that the domain socket path is not too long... | ||
| + */ | ||
| + | ||
| +#ifdef HAVE_ONDEMAND | ||
| + if (*value == '/' && OnDemand) | ||
| + { | ||
| + if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET)) | ||
| + cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum); | ||
| + continue; | ||
| + } | ||
| +#endif // HAVE_ONDEMAND | ||
| + | ||
| + if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1)) | ||
| + { | ||
| + cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum); | ||
| + continue; | ||
| + } | ||
| + | ||
| /* | ||
| * Get the address list... | ||
| */ | ||
| -- | ||
| 2.34.1 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,7 +12,7 @@ | |
| Summary: CUPS printing system | ||
| Name: cups | ||
| Version: 2.3.3%{OP_VER} | ||
| Release: 8%{?dist} | ||
| Release: 9%{?dist} | ||
| License: ASL 2.0 with exceptions | ||
| Vendor: Microsoft Corporation | ||
| Distribution: Mariner | ||
|
|
@@ -64,6 +64,7 @@ Patch14: CVE-2023-4504.patch | |
| Patch15: CVE-2023-32324.patch | ||
| Patch16: CVE-2023-34241.patch | ||
| Patch17: CVE-2022-26691.patch | ||
| Patch18: CVE-2024-35235.patch | ||
| #### UPSTREAM PATCHES (starts with 1000) #### | ||
| ##### Patches removed because IMHO they aren't no longer needed | ||
| ##### but still I'll leave them in git in case their removal | ||
|
|
@@ -657,6 +658,9 @@ rm -f %{cups_serverbin}/backend/smb | |
| %{_mandir}/man7/ippeveps.7.gz | ||
|
|
||
| %changelog | ||
| * Thu Nov 21 2024 Kavya Sree Kaitepalli <[email protected]> - 2.3.3op2-9 | ||
| - Add patch for CVE-2024-35235 | ||
|
|
||
| * Tue May 21 2024 Lanze Liu <[email protected]> - 2.3.3op2-8 | ||
| - Add patch for CVE-2022-26691. | ||
|
|
||
|
|
||